8051469

Securely Roaming Digital Identities

Published: November 1, 2011
Assignee: not available in USPTO data we have
Technical Abstract

Patent Claims
20 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A computer-implemented method for securely roaming a digital identity stored on a secure roaming device, wherein the secure roaming device stores encrypted attributes of the digital identity accessible using a bimodal credential, the method comprising: receiving a first request for at least one attribute of the digital identity from a first service provider; receiving a first password of the bimodal credential at the secure roaming device, wherein the first password allows a safe mode of access to the digital identity; providing safe access to a first encrypted identity token, wherein the first encrypted identity token comprises: a first cryptographic session key; and the at least one attribute of the digital identity, wherein the at least one attribute comprises private identity information; providing safe access to a first encrypted identifier, wherein the first encrypted identifier is encrypted with the first cryptographic session key; and transmitting the first encrypted identity token and the first encrypted identifier to the first service provider.

2. The computer-implemented method of claim 1, wherein the first encrypted identifier is associated with the first service provider and is used to validate the first encrypted identity token.

3. The computer-implemented method of claim 1, further comprising: receiving a second request for the at least one attribute of the digital identity from a second service provider; receiving the first password of the bimodal credential at the secure roaming device, wherein the first password enables a safe mode of access to the digital identity; providing safe access to a second encrypted identity token, wherein the second encrypted identity token comprises: a second cryptographic session key; and the at least one attribute of the digital identity, wherein the at least one attribute comprises private identity information; providing safe access to a second encrypted identifier, wherein the second encrypted identifier is encrypted with the second cryptographic session key; and transmitting the second encrypted identity token and the second encrypted identifier to the second service provider.

4. The computer-implemented method of claim 3, wherein the second encrypted identifier is associated with the second service provider and is used to validate the second encrypted identity token.

5. The computer-implemented method of claim 1, further comprising: receiving a second password of the bimodal credential at the secure roaming device, wherein the second password enables an administrative mode of access to the digital identity; receiving modifications to the at least one attribute of the digital identity; encrypting the modified at least one attribute of the digital identity and the first cryptographic session key to form a modified first encrypted identity token; and transmitting the modified first encrypted identity token to the first service provider.

6. The computer-implemented method of claim 5, wherein the administrative mode of access to the digital identity allows access to data values associated with the at least one attribute.

7. The computer-implemented method of claim 1, wherein the safe mode of access to the digital identity allows access to metadata associated with the at least one attribute, and wherein the safe mode of access to the digital identity disallows access to data values associated with the at least one attribute.

8. The computer-implemented method of claim 1, wherein the secure roaming device is accessed via an unsecure interface.

9. A secure roaming device, comprising: at least one processor; and at least one memory, communicatively coupled to the at least one processor and containing computer-readable instructions that, when executed by the at least one processor, perform a method for securely roaming a digital identity stored on a secure roaming device, the method comprising: receiving a request for a first attribute and a second attribute of the digital identity from a service provider; receiving a first password of a bimodal credential, wherein the first password enables a safe mode of access to the digital identity stored on the secure roaming device, comprising: providing safe access to a first encrypted identity token, wherein the first encrypted identity token comprises: a cryptographic session key; and the first attribute of the digital identity, wherein the first attribute comprises private identity information; receiving a second password of the bimodal credential, wherein the second password enables an administrative mode of access to the digital identity stored on the secure roaming device, comprising: receiving modifications to the second attribute of the digital identity; and encrypting the second attribute of the digital identity and the cryptographic session key to form a second encrypted identity token; and transmitting the first encrypted identity token and the second encrypted identity token to the service provider.

10. The secure roaming device of claim 9, further comprising: providing an encrypted identifier from the secure roaming device, wherein the encrypted identifier is encrypted with the cryptographic session key, and wherein the encrypted identifier is associated with the service provider and is used to validate the first encrypted identity token and the second encrypted identity token.

11. The secure roaming device of claim 9, wherein the safe mode of access to the digital identity allows access to metadata associated with the first attribute, and wherein the safe mode of access to the digital identity disallows access to data values associated with the first attribute.

12. The secure roaming device of claim 9, wherein the administrative mode of access to the digital identity allows access to data values, associated with the first attribute and the second attribute.

13. The secure roaming device of claim 9, wherein the secure roaming device comprises at least one of a portable secure roaming device, a flash memory device, and a biometric memory device.

14. The secure roaming device of claim 9, wherein the secure roaming device is accessed via an unsecure interface.

15. A computer storage device storing computer-executable instructions for performing a method of securely roaming a digital identity, the method comprising: receiving a request for a first attribute of the digital identity from a service provider; receiving a first password of a bimodal credential at the secure roaming device, wherein the first password enables a safe mode of access to the digital identity; providing safe access to an encrypted identity token, wherein the encrypted identity token comprises: a cryptographic session key; and the first attribute of the digital identity, wherein the first attribute comprises private identity information; providing safe access to an encrypted identifier, wherein the encrypted identifier is encrypted with the cryptographic session key; and transmitting the encrypted identity token and the encrypted identifier to the service provider.

16. The computer storage medium of claim 15, wherein the encrypted identifier is associated with the service provider and is used to validate the encrypted identity token.

17. The computer storage medium of claim 15, further comprising: receiving a second request for a second attribute of the digital identity from the service provider; receiving a second password of the bimodal credential, wherein the second password enables an administrative mode of access to the digital identity; receiving data values associated with the second attribute of the digital identity; encrypting the second attribute of the digital identity and the cryptographic session key to form a second encrypted identity token; and transmitting the second encrypted identity token to the service provider.

18. The computer storage medium of claim 15, wherein the safe mode of access to the digital identity allows access to metadata associated with the first attribute, and wherein the safe mode of access to the digital identity disallows access to data values associated with the first attribute.

19. The computer storage medium of claim 17, wherein the administrative mode of access to the digital identity allows modification of data values associated with the first attribute and the second attribute.

20. The computer storage medium of claim 15, wherein the secure roaming device is accessed via an unsecure interface.

Patent Metadata

Filing Date

Unknown

Publication Date

November 1, 2011

Inventors

John P. Shewchuk
Arun K. Nanda
Donald F. Box
Douglas A. Walter
Hervey O. Wilson

Citation & reuse

Cite as: Patentable. “SECURELY ROAMING DIGITAL IDENTITIES” (8051469). https://patentable.app/patents/8051469